Skip to main content
Every Klariqo compliance record is signed so that any change to it is detectable. This page explains what the signature is, and what it does and does not prove.

How the signature works

1

The recording is fingerprinted

A SHA-512 content hash is computed over the recording and stored in the record. It ties the record to that exact audio.
2

The record is signed

A JWS signature (RS256) is computed over the whole record. The signature carries Klariqo’s signing certificate, so a verifier has what it needs to check it.
3

Tampering becomes visible

Any later change to the record, even a single character, makes the signature fail verification. There is no silent edit.

What the signature proves

  • Integrity. The record is exactly what was signed, unchanged. This is the strong, independent guarantee.
  • Origin, self-asserted. It was signed by Klariqo’s published key. Self-asserted means we publish our key and you can check a record was signed by it. Klariqo is not a certificate authority, and the signature does not chain to a government or third-party root.

What it does not prove

A valid signature proves the record’s integrity and origin. It is not a legal judgment. It does not by itself make a call lawful, prove consent, or make you compliant. See the evidence boundary.

Verify it yourself

Verify a vCon

Paste or upload any record and check the signature in your browser.